Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS99-033.

Impact

Successful exploitation will allows remote users to crash the application leading to denial of service condition or execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms99-033

Insight

The FTP service in IIS has an unchecked buffer in a component that processes 'list' commands. A constructed 'list' request could cause arbitrary code to execute on the server via a classic buffer overrun technique.

Affected

Microsoft Internet Information Services version 3.0 and 4.0

References

http://en.securitylab.ru/nvd/246545.php
http://technet.microsoft.com/en-us/security/bulletin/ms99-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0349

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Microsoft .NET Framework Multiple Vulnerabilities (2861561)
Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

Take action and discover your vulnerabilities